Linux Router KIT
dirk at power.net
Wed Oct 28 18:05:41 UTC 1998
We are also using Linux as routers/firewalls. Our twist is that the
boxes have no hard drives! Instead we have hacked the software a little
and now run 100% from CD-ROM. Basically / is on a ramdisk. Our typical
box has a 60MByte RAM disk out of 128MByte total RAM. Very fast.
We can change config using ssh, save stuff using scp or make a new
CD-ROM from time to time. Either way, zero maintenance. No backups
necessary either. Works with any PC that will boot from a CD. One of
our beta testers says that a P2 266 will packetfilter 50MBit/sec easily.
Linux doesn't just kill Microsoft's NT and Solaris. It also eats
Cisco for lunch.
Email me if you think there would be interest in such a
"Linux Router/Firewall KIT". We are about to package a CD based
distribution plus a couple of the right Ethernet cards (this is key!)
and are looking for more beta testers.
Dirk
On Tue, Oct 27, 1998 at 03:20:40PM -0800, Dan Hollis wrote:
> On Tue, 27 Oct 1998, John Fraizer wrote:
> > [root at core0-eth0]:~ # /sbin/route
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref Use Iface
> > Gateway-NET * 255.255.255.252 U 0 0 5 eth0
> > EZone-CoLo-2xx- * 255.255.255.192 U 0 0 97 eth2
> > 2xx.xx.2xx.0 * 255.255.255.0 U 0 0 6189 eth1
> > xx6.28.xx.0 * 255.255.255.0 U 0 0 17 eth1:0
> > xx9.201.1x8.0 * 255.255.255.0 U 0 0 27 eth1:1
> > loopback * 255.0.0.0 U 0 0 0 lo
> > default core1-eth0-Ente 0.0.0.0 UG 1 0 286496 eth0
>
> We're doing similar:
>
> $ netstat -rn
> Kernel IP routing table
> Destination Gateway Genmask Flags MSS Window irtt Iface
> 255.255.255.255 0.0.0.0 255.255.255.255 UH 1500 0 0 eth2
> xxx.xxx.xxx.64 0.0.0.0 255.255.255.240 U 1500 0 0 eth1
> xxx.xxx.xxx.160 0.0.0.0 255.255.255.224 U 1500 0 0 eth2
> xxx.xxx.xxx.0 0.0.0.0 255.255.255.0 U 1500 0 0 eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 3584 0 0 lo
> 0.0.0.0 xxx.xxx.xxx.254 0.0.0.0 UG 1500 0 0 eth0
>
> The 255/32 route is so that the isc-dhcp server on the box will work with
> win95 clients. eth2 goes to a remote customer site via DSL. So they just
> plonk win95 machines on their hub and don't have to do any configuration.
>
> This machine is a 486DX/33 with 16mb ram. Even under heavy load between
> multiple ether interfaces with lots of firewall rules (eg ping -f -s 1500
> from one side of the router to the other) it rarely breaks 15% cpu.
>
> Basically linux makes a _great_ multi-ethernet router.
>
> -Dan
>